[Openswan Users] recommended Phase 1 and Phase 2 keylife values

hiren joshi joshihirenn at gmail.com
Mon Mar 3 10:54:12 EST 2008

Hello all,

In a normal ipsec connection, what should be the values of ikelifetime
(phase-1) and keylife (phase-2).
Particularly whether ikelifetime > keylife, or ikelifetime < keylife ?

As per `man ipsec.conf`, default values for Phase -1 keylife is 1 hour and
Phase -2 keylife is 8 Hours.
Are they represent the recommended one?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080303/63fac7ab/attachment.html 

More information about the Users mailing list